diff --git a/cmd/ca/sign.go b/cmd/ca/sign.go
index d32648a..1efa318 100644
--- a/cmd/ca/sign.go
+++ b/cmd/ca/sign.go
@@ -6,6 +6,7 @@ import (
 	"encoding/pem"
 	"fmt"
 	"os"
+	"path/filepath"
 	"time"
 
 	"github.com/spf13/cobra"
@@ -71,10 +72,13 @@ func Sign(cmd *cobra.Command, args []string) {
 		Bytes: cert.Raw,
 	})
 
-	// TODO: copy CSR to audit dir
-	_ = auditDir
+	// copy CSR to audit dir
+	os.WriteFile(filepath.Join(auditDir, "csr.pem"), pem.EncodeToMemory(&pem.Block{
+		Type:  pemfile.TypeX509CSR,
+		Bytes: csr.Raw,
+	}), 0600)
 
-	// write CSR to output file
+	// write cert to output file
 	switch outputFilename {
 	case "", "-":
 		os.Stdout.Write(raw)